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(54)- Abstract Title i:\ ^ 1 r " ' 

Accessing a network host ^ompijter from outside the network with Improved security 

(57) An authorised user of a hpstrietwork4 1 such as an office network has a pager in the form of a PCcard 
slotted into a user terminal T-i. Toiatcessof^ice network 11 from outside, for example through a public 
switched network 12/the authorised user is given a on^ti%A , j)fc&^ is stored in 

the PC card pager. The PCcard pager is thm removed fypm t^ 

terminal MT^ (for exam pie a notebook computer). Using the mobile terminal the user r^uests access to the 
network 11 from outside b/'sending a us'eYrtame arid encrypted authentication inforrnatfon compri pager 
ID and one-time password to the host. The ufcer is authenticate^ in to the network if this 

information corresponds to information i rifecjistered in the host, cornputer. .Encryption is performed by the PC 
card pager using a hash function, the authentication information: and a randonvnumker generator. The mobile 
terminal may have a wireless x>i wjred connection to the network; A, desktop computer may also t>e used. The 
one-time password may be transferred to the PC card pager through the paging system. : . 

.:'".' : -V.;' ;• -Piq. ^i^: v \ : .. 
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LOGIN PERMISSION MSTHOD AMD SYSTSM 



1. Field of: the invention f 

The present Invention generally relates to a 
communications system permitting authorized users to log in 
5 to a host computer or server and, in particular, to a login 
permission method and system from outside to the host computer 
with improved securits^ ; ^ :. 

In a premises network system to which at, :us$r can access 
10 from outside through a communications lin^i_n^twork security 
is one of the most impor^akt issues . A ma^ox jEocus-of network 
security on computer s f ^ teips ^ik6 v this is the prevention of 
system use by unauthorized penfifflEdtf^'UiTd protect the system from 
unauthorized use, the system requires a user to enter a password 
15 to verify that the user is authorized to access the network. 

According to a conventional security method , a user name 
and a user's authentication information are registered on the 
host computer in advance. When a user's mobile terminal has 
accessed to the host computer through a communications line, 
20 the user name is sent to the host computer and. If it matches 
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the registered user name, "t&&^ 

information is also 5 sent tb :: tW In this way, 

only wlteh ^both the user' £am£ '^kxi :<i tbb usesr* s authentication 
inf ormat ion mat ch thd r e gi^terVfi ones r a brie - time pas sword is 
5 sent f jfoni tiie hosit boifiputfer t6 r tMe1nbb±le terminal. The mobile 
terminal iV aildWfed to ickj the^ bost computer using the 

one - titte jpassWord. ^ " ' ' " 

When an Unauthorized person has' khbwh the user name" and 
the aut^htic&tibn ibf ^ usi&r, however, 

10 the unauthorized person can get the one -tilite pass Word easily, 
resulting in compromised security of the network* Further, the 
conventional technique fails to provide sufficiently rapid 
connection establishment because the one-time password 
transmission is performed between the host computer and the 
15 mobile terrtiindr ' 'during 'ti^'ib&ia ^r^ce^i^ * 1 ' : • 7 

Ah autheiitic-atibtf : s&ethbd usifig §e6r6t -Wy^ericryption has 
been prbpbsfed in Japanese j^tei^ : ^^ Publication No. 

S- 3276^3. * : A ba£e 'statiioh 'tr^SniitrS^^^dbm^ data to a mobile 
terminal. At the inobilii tfei^nal; firrstland Wcohd bncrypted 
20 authentication signals are^prdduced ba^ received 
random data, a first secret key bi'th^ r mobile terminal, and 
a second secret key input by the subscriber ; respectively ♦ The 
encrypted authentication response data is transmitted to the 
base station. 

25 At the base station, the same encryption process is 
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performed to produce encrypted -*£v^ck data and matches It with 
the encrypted authentication, re^pojnse ,data received from the 
mobile tejpuinal. I£ the jprpdo<Pjed,iencxypted data matches the 
received one, ?r £he^ is affirmative . 

5 In a combination jqf the .<^ny^ntion^l pne- time password 

security method and the conventional authentication method 
using secret -key encryption, pluralities of data, exchanges are 
needed for login between a rnobiJe terminal and^ a host computer - 
Therefore, i*p is yery difficult to shorten the time required 
10 for login , completion. . , 

" :t - . ? ■ "I^or-^ ^ ^jf* "io v-j-,;;j:.r;* -/ ^ - ■. * : . • 

. c •..a 1 ";? -ipso ; &a-£v* r :f.'so l^. r.;i.e.» s:^- *: 

An object of the jg^e^j^ is, tp provide ; a login 

permissiojvm^ system £tff £h c«ux improve iietvork security 

and efficiently perf JL$>gii} : .p^pce^s at a short time - 
15 According to the .pre a host-ba^sed 

network, information required £or r Q\£$s±&& login is previously 
registered with the hoB^-beie^d^j^Xw^T^ ^ When an ; outside login 
request is received from a terminal through the communications 
line* it is deterniined.. whet her, user's, login information 
20 received i^ validated based on the registered information 
required for outside login. Only when the user's login 
information is validated, the terminal is permitted to log in 
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to the host- foas^d network ^rro^ ^p'i±A^- : j » 

The user's Xogir. infcr™^ a user. name 

and a user's authentication information , w^r^ja the user's 
authentication information is encrypted at the terminal and 
5 is decrypted at tbo fep^t.-!>as©<? ^t-^rV ac sowing to a 

predetermined ensi-j'ption scbo^r. C r ♦Ae- registered — . 

information required for outside login. Furthar prrif drably, 
the registered information required for outside login include 
a unique information i^niq?^!^ a^signo^ to t^f% Nominal, such 

10 as an identification number .^ssi^neJ, fto- -3-. 7^1.e-r5t:iv© call 

receiver or a pager which can be detachabl.y connected to the 
terminal. ; . . .. r:.;; ' 

. Preferably : . reg*^*^:*^ 
outside login further include ^orr? -\e p?.swrt that Is 

15 temporarily assigned to the terminal by the host-based network 
when the Inf orroatirrj rec^ire? f: cur-> -^ .^-fl? - s registered 
with the hort-taced 7>*vt**c « 

Preferred features of the present invention will now be 

described, by way of example oi*iy , with reference to the accompanying 
drawings, in whicii;- 

Fig. 1 is a schematic block d3.cig.TS3i Rhoxixig the 

20 configuration of a network system including a login system 
according to the present invention; 
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Fig. 2 is a bloc& ^©graSa lowing the detailed internal 
circuits of a host co1bpueer r -^d-'&'-PC-card pager in an embodiment 
of a login systea accordliig : to the present invention; 

Fig, 3 is a diagram sha^iag a sequence of a successful 
5 login process in an embodiment ' %,£ & login method according to 
the present invention; 

' Fig. 4 is a diagram sfea^isig ksa operation of encryption 
process i«i fche embodiments- of ta© login method; 

Fig. 5 is a schematic diagram showing an operation of 
0 the embodisaoatrof + JgiirffiefeodP a mobile te«ninal fails 
to log in to- «M» ' host ^^Sptife©£; - - 

Fig 6 is a ^<ih-e^3€£e ^iagresn shoeing' another operation 
of the embodiment of the logiia method itfsen a mobile terminal 
falls to log in to the host computer; and 

Fig- 7 , is a schematic diagram showing an operation of 
the embodiment of the login method when a mobile terminal 
successfully logs in «te* thfe host computer. * 
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As shown in Fig. 1, assuming that a network is provided 
in an office building 10 to provide services to authorized users * 
The network is composed of a premises switched network 11 which 
can be connected to a public switched network 12 outside the 
5 office, such as the public switched telephone network. 

Hereinafter, a combination of the premises switched network 
11 and the public switched network 12 is called a stationary 
switched network. The premises switched network 11 is 
connected to a host computer 23 which can provide services to 

10 a plurality of user terminals T X -T M ' ins'talied within the office 
building 10. For example,, an authorised user ean log in to the 
host computer 13 through any user" iermlsiail by" entering the 
correct password assigned to the taser. 

Further , the respective 'authorized ["users nave PC-card 

15 pager PG X -PG„ and mobile or portable terminals HTj-MT,, such as 
notebook computers. A PC- card pager is a PC card having a 
select ive call receiver , or a pager , therein - As described in 
detail later, a user's PC -card pager siores necessary 
information including the pager 'identification number and the 

20 encryption table. The PC- card pager is inserted into the PC 
card slot (PCMCIA slot) of a mobile terminal and thereby the 
authorized user can log in to the host computer 13 from outside 
through the public switched network 12- In other words, by 
connecting the PC -card pager of the authorized user to the 
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mobile terminal , the user can also log in to the host computer 
13 outside the office building 10. 

A desktop. computer with the communication function and 
the PC card slot, can be also used instead of a mobile terminal 
MT . That is , the user inserts his/her PC-card pager into the 
PC card slot of the desktop computer located outside the office 
and starts the outside login operation as will be described 
later. Hereinafter, the descriptions will be made in the case 
of a mobile terminal as an example. 

. HOST AND PC -CARD PAGES 
Referring to Fig. 2, the host computer 13 is connected 
to the stationary switched network (11. 12) through an 
interface 101 which may be a modem or a set of digital service 
unit (DSU) and a terminal adapter (TA) . The host computer 13 
performs; necessary controls including the login control 
according to thejpresent invention by running control programs 
on a processor 102 . , 

The host computer 13 further includes a memory 103 for 
storing authorized user name information, an encryption table 
104, and a random number generator (RNG) 105. The authorized 
user name information includes the user name, the one-time 
password temporarily assigned to the user, ^nd the pager ID 
assigned to the PC-card pager PGj to be used by the authorized 
user- The authorized user name information is registered onto 
the memory 103 when receiving an outside login permission 
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request from a user terminal T a (J = 1. 2, — ,N) in the office 
10. The memory 103, the encryption table 104, and the random 
number generator 105 are used to decrypt the encrypted 
authentication information received from the mobile terminal 
5 through the stationary switched network. A3 described later, 
only users who has been registered in the memory 103 and has 
sent the correct authentication information encrypted in a 
predetermined encryption scheme are permitted to log in to the 
host computer 13, 

10 a PC-card pager PG a is a PCMCIA card having encryption 

function and pager function* The PC-card pager PG, has an 
interface 201 which is designed to too connected to the PC card 
slot of a mobile terminal MT, (here, notebook computer). The 
PC-card pager PG a performs the encryption function and the pager 

15 function, which may be implemented by programs running on a 
processor 202. 

The PC- card pager PG, further includes a password memory 
203 for storing one-time password, a random number generator 
(RNG) 204. an encryption table 205, and a pager ID memory 206 
20 storing the pager ID assigned to the PC-card pager PG a . 

The one-time password, as will be described later, is 
transferred from the host computer 13 to the PC-card pager PG a 
and then stored onto the password memory 203 when the PC-card 
pager PGj is connected to the user terminal T 0 in the office 
^5 10 and the user makes the outside login permission request. 



The encryption table 205, the random number generator 
204. and the pager ID memory 206 are used to encrypt the 
authentication Information of the user. To successfully 
perform encryption at the PC -card pager PG^ and decryption at 
5 the host computer 13 , the encryption table 205 and the random 
number generator 204 of the PC-card pager PGj are the same as 
the encryption table 104 and the random number generator 105 
of the host computer 13 , respectively. 

The PC-card pager PG, further includes a radio receiver 
10 207 which is used to receive a paging or selective calling signal 
from a radio base station (not shown). As will be described 
later, the pager function may be used to receive the one-time 
password from the hoci'c computer 13 through a paging system. 

The user terminals ^-T^ each have a PCMCIA slot into which 
15 the PC -card pager PG 4 is inserted for data communication. More 
specifically, the pager ID is sent from the PC-card pager PG^ 
to the host computer 13 and the one-time password is sent from 
the host computer 13 to the PC -card pager PGj. 

The mobile terminals MT 1 -HT e9 each have the PCMCIA slot 
20 for the PC-card pager and a data communication means for 

communicating with the host computer 13 through the stationary 
switched network (11, 12). The data communication means may 
be a modem or a set of digital service unit (DSU) and a terminal 
adapter (TA) . Alternatively, the data communication means may 
25 be a wireless communication means. Further, the mobile 
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terminals MT^-MT^ each have a central processing unit (CPU) on 
which a control program for a PC-card pager may run. 

As described before 0 the present invention is not limited 
to mobile terminals MT 2 -MT W . A desktop computer with the 
5 communication function and the PC card slot can be also used 
Instead of a mobile v terminal MT. 

LOGIN SEQUENCE 
Next, the login procedure will be described in the case 
where a user having a mobile terminal. |ST, and a PC-card pager 
10 PGj therewith logs in to the host coappter 13 through the 
stationary switched network. , _ . 

. When the user intends to log in to the host computer 13 
outside the office 10, the user inserts the PC-card pager PG^ 
of the user's own into the PC pard^slot of the in-use terminal 
15 T, and then makes the outside login permission request to the 
host computer ,13 through the in -use. terminal T,- When receiving 
the out side login r permission m re.j^es 4 t . £roin the terminal T J# the 
host computer 13 reads the pager ID from the PC-card pager PG, 
and stores; the pager ID and the user name as authorized user 
20 name information onto the memory 103. Alternatively, the pager . 
ID may be ^entered by the user through the keyboard of the 
terminal Tj. 

Next, the host computer 13 informs the user of the 
one-time password which should be used in the case of .outside 
25 login through the mobile terminal MT,. The one-time password 
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may be displayed on screen o£ the terminal Tj. Here, assuming 
that the one-time password iLs transferred from the host 
computer 13 to the password memory 203 of the PC-card pager 
*Gj. " ' " 

5 Thereafter, the user logs out and goes out with the mobile 

terminal MT, and the PC- card pager PGj. 

Referring to Pig. 3, in the case where the user needs 
services provided by the host computer 13 from outside, the 
user inserts t&e ffc-card pager PG 3 into the PC card slot of the 
10 mobile terminal MTj aria then thiB mobile terminal MT, is started 
making a connection setup request to the stationary switched 
network (step S301), 

If it is'pbssl^ie^€o%stafilash'the requested connection # 
the stationary switched network sends an acknowledgement (ACK) 
15 back to the mobile terminal'MTj and thereby the connection from 
the mobile terminal MTj to :k the 0 'fitatio&ary switched network is 
established (step S302) 'V " Subseqiieit:ly/ 'the st^iOTity 
switched network sends a connection setup request to the host 
computer 13 (step S303) and, whei& receiving the connection 
20 setup acknowledgement from the host computer* 13 (step S304), 
the connection between the stationary Witched network ian 
host computer 13. Thereafter, the statiohary.switbhed network 
sends a connection setup acknowledgement back to the mobile 
terminal MT, and thereby the connection between the mobile 
25 terminal MT, and the host computer 13 is established (step 
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S305) • ' 

When the connection has been estaolioiied, the host 
computer 13 sends a user aaaio * v req&ast fox the user name 
information of the user to " the stationary switched network 
5 (step S306) . When receiving :: tBe*uster name request, .the 

stationary switched network* sends ~t2fe user name request to the 
mobile terminal KT, (step* S3 07) V : -i w - 

When receiving the! user name request from the host 
computer 13 through the* stationary switched network, the user 
10 is prompted to enter a user name through the keypad of the mobile 
terminal MTj- The user name jQay : ba : storifi in' r a' "memory and be 
read but from the raeniory : lLir response to-t^^W name request - 
Th4 \ise±f natte : is : seht %~o* :r tixe i fetaSriScto ( step 

S308) and further to the host computer 1 13 "(st^p S309 ) . 
15 ' When teceiViia^ use^ nairci the 1 "process or 102 of the 

host cbnfl^t^ received user 

name. If fourid; the prdbe^ssor ^102-dete^^Lnes that the laser naae- 
has been registered as ail d^t^idte idgin user name and then sends 
an authentication request to thfe " :r s tat foriaiiy Switched network 
20 (step S310) and f urthei: to ''i:^ : ^h±^ : t^rm±nA±'HI 9 (step 3311) . 
If not found, the processor 102 determines that the user name 
has never been registered as an d&tslde login user name and 
stops the login process to reject ttie login request. 

When receiving the authentication request from tine host 
25 computer 13/ the user is prompted to enter the authentication 
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information through the keypad of the mobile terminal M3V,. The 
authentication ^ inforKiation j»^y he stored, in a memory and be 
read out from the memory in response to the. received 
authentication request. : When the authentication, information 
5 has been entered, it Is transferred to the PC-card pager PGj- 
The processor 202 r of the PC-card .pjager P<5j ^ncrypts .the 
authentication information using the pager ID , the, one-time 
password, the encryption ..table 205, and the, random number 
generator 204- The details of. the encrypt ion, will be described 

The encrypted, ^tj^eivtigation ;; information* is sent back 
to t ha -mobile* .terminal -MIT» and. is .then , transmit ted v to T the 
s tat ionai^ £w3,t^ S3 12 ) and f^thj^^ttehost 

computer 1 3^<st^p- S3 13) xs^crcoo ~*-r * v 

15 At the host^qpm^uter 1.3*., -the encrypted authentication 

information rec^iv^ is ^decrypted 
using the encz^tion ^t^ble -4 % 0,4 ?c the random number generator 
105 and the authorised user name inf ormatlon in the way similar 
to the encrypt 1 91^ steps, ..per. f ormed in the. PC- card pager PG,. 
20 Then - the processor 102 , corrpsres .the decrypted 

authentication information, with the registered authentication 
information stored in th;e. memory 103- If the decacypted 
authentication information matches the registered one, the 
host computer 13 sends a login permission message to the 
25 stationary switched network (step S314) and further to the 
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mobile terminal MT, (step SaiSJt^Ja "this' maimer, the user can 
obtain desired services from the .too©*? computer 13 (step S316) . 
Contrarily, If the decrypted zautte^artication Unf cTrmation does 
not match the registered one>> the: Jrogin^ is-rejected. 
5 ;->l> - r ENCRYPTION 

Referring^fcci f Fig.^ tbefenG^ption of the'authentication 
information is performed at *thfe>PC^card pager. When th&*user 
enters the authentication information; :n the- proces kor 202 of 
the PC-card pager PGj reads the pager-ID from the pa^er ID memory 
10 206 (step S4 01) and the one-time password from the password 
memory? 203 OStep ^S402 ) . ^ Then, the pro<^ssor» '202 calculates a ; ■ 
Hash value H from -the one - 1 ime passw ordaisrio&Lthe Hashof unction 
(step ? S403)o- M : .--> :isriMux. ^u^b<\t}'i. GtlT6vr:a^ ^;,;»>v 

The : v processor ^202 initialises v^ai6^ random nvrmbeiv 
15 generator 204 according ta then Hash v®aaae-Mfx audi then obtains 
a random ^rtuitiberrRN^ Tfrom the ran&osK number generator 104 
according > to the pager ' ID ( St ep S40 rs s Further # the proces sor 
202 converts the random number RN T fc<> ar-number ^R t i rangixig from 
0 to 255 by dividing the random number RH^'by 256 to Obtain the 
20 reminder R*- thereof step" S405 )ci -i * ?■ - * . 

Sbbse^'^nt^lyi^-the"pr6ees6o'f 202- retfds encryption value 
from the location 6f the bncrypt7Lon-t-al>'l^ ; 2(r5 :: wh±eih is addressed 
with the reminder (step S406 ) i ^ rinaiiy , the processor 202 
exclusive-ORs the encryption value read froxn the encryption 
25 table 205 and the authentication information entered by the 
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user to produce. .encrypted ^uthentiaetion i«fozmation (step 
S407). The encrypted •■ ■a^tli.ss>.i±c^tiosi r information is 
transmitted to the host ©eL^mter: 13* ' 

When receiving th<s:eacrypted authentication inf onraation ^ 
5 the decryption steps are perxo:ciortd J.n the similar way. More 
specifically, th© processes: 102 ;of the host eompu terd 3 reads 
the pager XD end the o^e-tiaa^ password of the authorized user 
name front i*.he raamory -;X03«,y tha processor 102 calculates 

a Hash value H from .the; .ofte-'tliiLe password using the Hash function 
10 and initializes; the x&stS.cm number generator 105 according to 
the Hash value H^nd '\.tho^vo.blt^ins v a/xandom : nmriber RN T from the 
random number ~g&®ejr£*03c 103 t scsarfliDi& to the pages ID , Further:, 
the processor 102 converts the r&nfiom n»ber RN ¥ to a raimber 
ranging from f 0 >to 253 T y - dividing the: random number . RW X by 
15 256 to oTrtaixi th4f; ras^l^^ir ^/thereof, — . r.. . v 

Subsequently , 'the :^oreiv^or 102 reads encryption value 
from the location of thc,ts:ocrypt:3.on: table 104 .which is addressed 
with the^reminder Ryv^Fiaslly # tfc© processor 102 exclusive-ORs 
the encryption value read fssoEti i-.the encryption table 104 and 
20 the encrypted authentication iaf o^stics; irscaiv^u from . ub^ 
mobile terminal to reproduce -the... original authentication 
information. The decrypted authentication information is 
matched with the registered one.; 

LOGIN REJECTION AND PERMISSION 
25 Figs- 5 and 6 show? login rejection cases. In the case 
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shown in Fig- 5; the user is hdt^^tfkfcbrizcd to log in to the 
host computer 13 f rom r cutaxdev4 that is. the user- has r not been 
registered bnto the membry ? l-0S ; -- : fbr"Oli% : sid6 , ''Xoglji' permission. 
Since neither a one- tiro© password ^nos? i * pager ID for use "-in 
encryption is registered/ when the login jfeguest of the 'user 
is made from outside through J the ^t at IbnSary switched network, 
the host "fcbmputer detexinihes that^ tixe user isT an unauthorized 
person>" ^ v ' v ' *' ' '■• v.o-r.:r2/.-. ..'.a =?-<j ?„.-- r • ■:■ .... » t r 

In the case shown in Fig ; : Sv tW user Sias beei properly 
registered "onto the memory 103- f or -ot5ts : i&e ; Ibgih permission • 
Therefore, a : one-time password ; '^a^S :, *pSg6r»"li>' for us<i in 
encryption- aire registered bh-the host In the case 

where the ' usto doesf -nbt^«a^e* ? t-I^ ^PG-6a^d^pasfer therewith „ ~ 
however, the em&re'*~£<^ 

cannot be perf brmed : properl'yV Th&re£^rbv the^ host computer 
also determines that 'fchei'tfsaxM ^is^ ah r ^a^authoriied -person-' 

Referring to Fig. 7, the'^es'eri'-i^s "hebn* 1 properly 
registered onto the memory 103 for outside login permission 
and the authentication information is properly encrypted using 
the pager ID and the one-time password. Therefore, the host 
computer determines that the user is an authorized person and 
permits the user to log in to the host computer 13. 

As another embodiment of the present invention # the 
paging system may be used to transfer the one-time password 
from the host computer 13 to the PC-card pager. More 
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specifically, the liost : poi^iatcr : 13: is ^onnected to the paging 
system and, calls up the BC-CvM*d pager that the user has . When 
t he, PC - card _pager has been successfully called 0 the one - time 
password is transformed to the .f&j-card pager through the paging 
5 system and is stored onto^he password memory *20? of the PC-card 
pagsr mPGj through ^ v; the jradiq^ receiver; 20? . 

As described. above,, apposing to the present invention, 
only a user who has been authorized to log in to the host computer 
front- outside can log into^the host computer. Especially P the 
10 encryption of authentd^at^on- information is performed based 
on the pager ID of '%h^c^^<}^^i^sgBT^of v th^v^^T : !B own and the 
one-time passwordp^vtpnsly assigned tp the user • Therefore, 
the con&fc£ions ^OQU^rs^s^o^ {login rem outside become more 
strict ; resulting &&®gKmm$ .^e^orfe s ? ecurit^. :: , ? ^ ~ : ; _ ■ . , 
15 - ; Since there^ls nQ:£f€3B$lr/$^^ fr^om 

the host computer tp th^ a login , : the login 

process can l>e rapidly :P©apl^ed,; 
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Each feature disclosed in this specification (which term 
includes the claims) and/or shown in the drawings may be 
incorporated in the invention independently of other disclosed 
and/or illustrated . features.... . . 

Statements in this specification of the "objects of the 
invention" relate to preferred embodiments of the invention, but 
not necessarily to all embodiments of the invention falling 
within the claims . 

The description of the invention with reference to the 
drawings is by way of example only. 

The text of "the abstract : f ixed'*herewitfi " is repeated here as 
part of 'the ''specification ; ' : • ^ ■-^*- > - 



25 A login permission ^triethbdi ^^imprc^:i;hg^^^woTt?k^ security and 

efficiently? perf oirmiiig ^a- .:login^'pro.cessb^ In a host- 

based network, information required. «.,PUt&i*de T? login is 

previously registered with the host -based network. When an 
outside, , -login request ;: is £r rec^ tejrmin^l through the 

communications : iin s e :t . v i,t : . is 0 £e^pii pe £ : y^ethe^„ user's login 
information . is validated _ based ^pn^ the registered information 
reouired for outside login. Only when the user's login 
information is validated, the terminal is permitted to log in to 
the host -based network from outside. 



25 
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Claims : 

1. A login permission method to a host-based network 
from outside through a communications line, characterized by 
comprising the steps of : 

registering Information required for outside 
5 login with the host-based network; 

determining whether user's login information 
received from a terminal through the communications line is 
validated based on the registered information required for 
outside login; and 
10 pftraltt.&ngb^^ log ;ih to the host- 

based network from - outsider only:: when; ...the user's ; login 
information is valid^edJ'^ Urp v :v 

2- The login permission method according to claim 1, 
wherein the user's login inf oritiktibn Is a user name and a user's 
15 authentication information, wherein the user's authentication 
information is encrypted at the terihinal and is decrypted at 
the host -based network according to a predetermined encryption 
scheme based on the registered Information required for outside 
login • 

20 3. The login permission method according to claim 2, 

Best AvGsta'^^ ^PY 
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wherein the registered information required for outside login 
include a. unique inf orttfatlon ^Aaai^elyia&^igri^ft to the terminal* 

4. The login permissions aa^tho^ according to ^lsim 3> 
wherein the unique Information is :* asr; ideatif ication number 

5 assignee! -'to ' an : aefcesSoxy ~ devioe ificdrpor ated is the terminal. 

5 . The login permission method according to claim 4 , 
wherein the accessory device Is rradio selecti^ c!ilX receiver 
having the identification number- pre 1 Piously -as signed thereto. 

* 6 . The log:^ 
10 wherein the registered lia^os^^ 

further include a one-time password that is temporarily 

assignsd-to^-the- ^tei^inal by^tte^o'^t^tas^ " ;:netw»ck when the 
inf ormation required f or: outside 3:oginti:s; registered; with the 
host-based network. , -iotv ?. -vr vi;. > ; ; 

15 7 , The login - periais^^ according to claim 6 # 

wherein the unique Information is an identification nurabor 
assigned to an accessory device Incorporated in th^ terminal. 

8. The login permission method according to claim 7, 
wherein the accessory device is a radio Selective call receiver 
20 having the identification number previously assigned thereto. 
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• • • •/ " ■ • ; ^ ■■ r \- ; :\>>.; 

9- A login permission: system /for:: permit: ting a 
terminal to log in to a host computer of a network from outside 
through a communications iinev : 

the host computer characterized by ..comprising: 
5 a registration jneaiory f or registering dLnfprpat ion 

required for outside login; and 

a fhost processor for idetermining Aether user's 
login information xaceivad frw . the .terminal v tlxrough the 
communications : line is validated based on the registered 
10 information required for outside login and, only when the 
user's login infdrraatiio^ is;: Valida ted v permitting, the terminal 
to log iif ■ to* -the has Jc&iapntoex* from, outride %- -.vx <:< - * ci--*.-. 

rov The : log&& ^ 
wherein the^ user 's logirr infparinatiomis a us^r name and a user ' s 
15 authentication information, wherein :' r >^;er i: 

the terminal comprises: 
a memory storing the^reg&s tter^d inf ^qraa^ion .required for 
outside login? 3 and, ,„ ; *i ^a^s^;^--- i-tx ^vr-- 

a encryption ipxoj^fiB.ox^^p^-Bno^ypti^g^t^^ user's 
20 authentication Information according to a predetermined 

encryption scheme. based on, tfcerregi&tered information required 
for outside login to produce encrypted user's authentication 
information. 
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wherein the host processor decrypts the encrypted 
user's authentication information received from the terminal 
according to the predetermined encryption scheme based on the 
registered inf qraatipn^required for outside login to reproduce 
5 the user ' s authentication -int ormatipn, r _ 

11 . The login permission system according to claim 10, 
wherein the regitetesred inf ormation irequired f or joutside login 
include a unique inf ormatibh uniquely aligned to the^terminal^ 

12 . The login permission system according to claim 11, 
10 wherein the unique inf brmaVibn ^is "adi^^ffentif icatioii number 

assigned to an accessory device Incorporated xn the terminal. 

13 . The login permission system according to claim 12 , 
wherein the accessory device is a radio selective call receiver 
having the identification number previously assigned thereto. 

15 14. The login permission system according to claim 11 9 

wherein the registered information required for outside login 
further include a one-time password that is temporarily 
assigned to the terminal by the host comptfter when the 
information required for outside login is registered with the 

20 host computer. 
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15. The login permission system according to claim 14, 
wherein the unique information is an identification number 
assigned to an accessory device incorporated in the terminal . 

5 

16 V The login permission system according to claim 15, 
wherein the accessory devxc£ "II r radio selective call receiver 
having the identification number previously assigned thereto. 



10 17 i The login -permission siystem according to any of claims 

10 to 16 , wherein^ thfx,;;^^ , : : 

a computer with a communication function, having a PC card 
slot therein;., and, . or/r , r , t 

a PC-card pager .which, is detachably connected to the PC card 
15 slot, the PC-card f>agrer comprising the memory and the encryption 
processor . 



18. A login permission method or login permission system 
substantially as herein described with reference to the 
20 accompanying drawings. 
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